Due to the heightened level of BIND DNS attacks lately, I am getting thousands
upon thousands of 'query (cache) denied' notice messages from BIND. Even
though there is a rule in named_rules.xml for this type of event, it is
actually being picked up under rule set syslog_rules.xml as an "Unknow
My current workaround is a script I wrote and then added to my cron jobs. I then
get the output sent to me in email form when the cron job runs.
Simple script ossec_summary.sc:
cd /var/ossec/
zcat /var/ossec/logs/alerts/2009/Feb/*.gz | ./src/monitord/ossec-reportd -n "Month Summary"
Nothing
Could use some help trying to figure out why I'm seeing:
No integrity checking information available.
Nothing reported as changed.
I turned on show_errors in php.ini, and I'm getting:
Warning: arsort() expects parameter 1 to be array, null given in
/export/home/webservd/htdocs/ossec-wui